Cybersecurity has become a major risk for financial markets and stability according to the Commodity Futures Trading Commission Chairman. Companies and regulators are increasingly emphasizing cybersecurity. Lexis Securities Mosaic allows users to research cybersecurity through guidance from regulators, disclosures in company filings, rulemaking, enforcement actions, news and commentary, and law firm memos.

1. Cybersecurity
In a series of speeches earlier this year, Commodity Futures Trading Commission Chairman Timothy
Massad repeated the remark that cybersecurity has become “perhaps the single most important
new risk to market integrity and financial stability.” Indeed, with high-profile data breaches seemingly
happening more frequently, cybersecurity has become an area of greater emphasis for companies
and regulators alike.
How can Lexis® Securities Mosaic® help?
Securities Mosaic®
allows you to conduct research or stay current on a specific topic like cybersecurity across a
broad spectrum of materials from a single gateway. Below are some examples.
Guidance
• In April 2014, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) announced a series of
examinations aimed at identifying cybersecurity risks and assessing cybersecurity preparedness in the securities
industry. Following up on that initiative, OCIE recently issued a Risk Alert providing information on the areas of
focus for the second round of cybersecurity examinations of broker-dealers and investment advisers. These
examinations will involve more testing to assess implementation of firm procedures and controls, and will focus
on governance and risk assessment; access rights and controls; data loss prevention; vendor management;
training; and incident response.
• In Comment Letter review of filings, SEC examiners may ask a company to clarify the technological and
administrative procedures it has in place to ensure privacy and security, or to spell out the risks and potential
costs of a cyber attack or breach.
• In the past two years, not just the SEC but the IRS, Federal Reserve Board, EPA and FDA have offered official
guidance or assessment tools in the area of cybersecurity. Find them on Lexis Securities Mosaic by going to our
Laws, Rules, Agencies page, searching on “cybersecurity,” and narrowing by the “Guidance” category filter.
Disclosure
• Risk Factors. Risks disclosed to prospective and current shareholders via periodic reports and in registrations
of securities offerings are always a barometer of trending topics. Recently, it has become common practice for
companies that maintain access to sensitive or confidential data to disclose risks of potential data breaches or
security concerns.
• Management’s Discussion & Analysis. When cyber attacks—or even the mere threat of such attacks—impact a
company’s bottom line, it will merit discussion in the MD&A section of the annual report.
• Proxy statements. Cybersecurity has become a concern at companies’ annual meetings, as companies seek to
adopt and refine risk mitigation policies and procedures. The issue can even impact the election of directors and
officers, as a candidate’s credentials in the area of cybersecurity may be perceived as increasingly important.
Rulemaking
• Earlier this year, the SEC formalized certain security standards for exchange-listed companies with the adoption
of its final rule 34-73639 on Regulation Systems Compliance and Integrity (“SCI”).
• In August, the National Futures Association submitted to the CFTC a proposed interpretive notice focused on
cybersecurity. If approved by the CFTC, NFA members would be required to adopt written procedures to keep
customer data secure and safeguard access to members’ electronic systems.
Lexis®
Securities Mosaic®

2. Enforcement
• In late September, the SEC announced its first enforcement action related to cybersecurity, fining an
investment adviser for failing to establish required policies and procedures in advance of a breach that
compromised the personally identifiable information (“PII”) of approximately 100,000 individuals, including
thousands of the firm’s clients. Without admitting or denying the allegations, R.T. Jones Capital Equities
Management consented to the entry of an order finding that it violated Regulation S-P’s PII safeguard rules during
a nearly four-year period when it failed to adopt any written policies and procedures to ensure the security and
confidentiality of PII and protect it from anticipated threats or unauthorized access. The firm will pay a $75,000
penalty.
News and Commentary
• Stay well-informed on everything related to securities. Subscribe to our Daily Securities News in your inbox
each morning. This comprehensive newsletter includes SEC updates, corporate and securities news stories
from an assortment of notable world news sources, recent law firm memos, market regulation updates, pending
securities legislation, SEC enforcement and an SEC Final Rules effective date calendar.
• Check out what the top U.S. law firms are saying. Go to our database of over 100,000 Law Firm Memos and
type in relevant keywords (e.g., “cybersecurity,” “data breach”). Set up a daily alert to automatically receive the
results of your personalized search in your inbox.
• See what other influential analysts are saying. Sign up for our Securities Mosaic Blogwatch email, which
includes opinion and analysis from well-respected sources such as CorporateCounsel. net and the Harvard Law
School Forum on Corporate Governance and Financial Regulation. You can also text-search the past six months
of content in our Blogwatch archive.
Learn more about Lexis Securities Mosaic and how it can support your business today.
Contact us.
866.650.3600
www.lexisnexis.com/lsmsupport
LexisNexis, Lexis and the Knowledge Burst logo are registered trademarks of Reed
Elsevier Properties Inc., used under license. Securities Mosaic is a registered trademark of
LexisNexis, a division of Reed Elsevier Inc. Other products or services may be trademarks or
registered trademarks of their respective companies.
© 2015 LexisNexis. All rights reserved. 1015